Could I have false positives with ClamWin antivirus?

Hey all,

In the last week I have started using ClamWin antivirus. I did a scan the other day and it was finding all of these Trojans and other things. I'm thinking all of these can't be viruses. Here is the log file.

So if anyone knows what they're doing in ClamWin, please let me know. Here's the link to the log file.

Thanks all

Sounds like what AVG does now. "Look how useful I am! I kept You so SAFE! BUY MY PRO VERSION NOW TO STAY SAFERERER!" I don't even use antivirus; I occasionally use CCleaner and Malwarebytes and that is it.

OK, most of the entries concern the fact that the scanner was not able to open the file for reading because of insufficient permissions.

The findings you are presented with are in the Adware category, and my guess, at 99%, is that the setups it's moaning about are using a runtime packer (compression) that's also used for adware-infected downloads. On VirusTotal, only ClamAV says they are infected, and especially the Catalyst drivers from AMD, I would say, can be trusted if downloaded from AMD directly.

ClamAV is a nice project, but at times it's too picky and at others it's not up to date enough.

I downloaded all of those program files from the company websites. I even downloaded the AMD driver from the AMD website. I never download files from a 3rd-party website, always from the maker's website.

I'm kinda shocked though; it was saying even files from Steam were infected too.

Maybe I should just uninstall the antivirus and just use CCleaner & Malwarebytes like @ProSonicLive said.

1 Like

As I said, I suppose it's caused by some compression algorithm used in those files that triggered the signature-based detection.
As of today, I feel safe to say "ditch the snake oil": Windows Defender is good enough at catching known threats (signatures), and everything else won't be caught by the others either.

Maybe I should just uninstall the antivirus and just use CCleaner & Malwarebytes like @ProSonicLive said.

I second that advice

@th3z0ne

Thanks for the advice

You could ofc just google the trojans to see what they do.

That's what I did. They are signatures introduced by ClamAV only. Only ClamAV objects to them, and classifies them as adware.

Then I think there is not really much to worry about.

You could ofc install another free virus scanner like Avast, and scan with that.
Avast, as far as I know, is also decent.
And you can also use Malwarebytes next to it.

If those 2 find nothing, then I think it's just a false alarm.

I do not know about ClamWin in detail, and don't use Windows anymore to recommend a decent current replacement.

I have used Avira Rescue CD on friends' Windows machines; it loads completely independently of the installed OS.

There is another one, Panda Cloud Cleaner, but I've only heard it is good; I've not had a chance to try it out yet.

The "permission denied" things aren't really a worry.

As for the others:

C:\AMD\AMD-Catalyst-15.10Beta-64Bit-Win10-Win8.1-Win7-Oct12\Packages\Apps\AppEx\AppEx\ABC.exe: Win.Adware.Eorezo-374 FOUND

Eorezo is an advertisement-supported program that causes pop-ups to appear on your PC.
Long explanation: http://www.anti-spyware-101.com/adwarewin32eorezo
This is probably a false positive. Perhaps the code AMD uses to show pop-ups regarding new drivers is too similar and that triggers it?


C:\Program Files\WinPcap\uninstall.exe: Win.Adware.Agent-58870 FOUND
C:\Program Files (x86)\Freemake\CaptureLib\winpcap.exe: Win.Adware.Agent-58870 FOUND

This one has me puzzled. There are plenty of Win.Adware.Agent reports, but I can't find info on this particular version. So yeah, not sure what to make of that.


C:\Program Files (x86)\foobar2000\uninstall.exe: Win.Adware.Adgazelle-42 FOUND
C:\Program Files (x86)\Notepad++\uninstall.exe: Win.Adware.Adgazelle-42 FOUND

Adgazelle is a PPI (pay per install) provider, much like OpenCandy etc. So it looks like the installers for foobar and Notepad++ are the kind that try to trick you into installing all kinds of useless apps and "performance-increasing" tools and what have you. ClamWin is treating those installers as malicious now.
Not sure if I'd rate this as a false positive. I truly hate those sneaky installers.

1 Like
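
An added example, not part of any post in this thread: a small Python triage of the log lines quoted above that separates unreadable files from real hits and groups hits by signature, so a signature firing on files from unrelated products stands out as a candidate to cross-check with a second scanner. The last sample line and its "Permission denied" wording are constructed, and the exact text ClamWin writes for unreadable files is an assumption.

```python
import re
from collections import defaultdict

# FOUND lines are the ones quoted in the thread; the last line is constructed,
# and its "Permission denied" wording is an assumption about the log format.
SAMPLE_LOG = r"""
C:\AMD\AMD-Catalyst-15.10Beta-64Bit-Win10-Win8.1-Win7-Oct12\Packages\Apps\AppEx\AppEx\ABC.exe: Win.Adware.Eorezo-374 FOUND
C:\Program Files\WinPcap\uninstall.exe: Win.Adware.Agent-58870 FOUND
C:\Program Files (x86)\Freemake\CaptureLib\winpcap.exe: Win.Adware.Agent-58870 FOUND
C:\Program Files (x86)\foobar2000\uninstall.exe: Win.Adware.Adgazelle-42 FOUND
C:\Program Files (x86)\Notepad++\uninstall.exe: Win.Adware.Adgazelle-42 FOUND
C:\pagefile.sys: Permission denied
"""

# Greedy path match so the drive-letter colon is not taken as the separator.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
UNREADABLE = re.compile(r"^(?P<path>.+): Permission denied$")


def product_dir(path):
    """Directory directly under the drive or 'Program Files' root (heuristic)."""
    parts = path.split("\\")[1:]
    if parts and parts[0].lower().startswith("program files"):
        parts = parts[1:]
    return parts[0] if parts else path


def triage(log_text):
    """Return (hits by signature, unreadable paths, signatures spanning products)."""
    hits, unreadable = defaultdict(list), []
    for line in log_text.splitlines():
        line = line.strip()
        if m := HIT.match(line):
            hits[m["sig"]].append(m["path"])
        elif m := UNREADABLE.match(line):
            unreadable.append(m["path"])
    # One signature on files from unrelated products may be matching shared
    # installer or packer code: cross-check those files with a second scanner.
    shared = {s: p for s, p in hits.items() if len({product_dir(x) for x in p}) > 1}
    return dict(hits), unreadable, shared


if __name__ == "__main__":
    hits, unreadable, shared = triage(SAMPLE_LOG)
    print(f"{len(unreadable)} unreadable file(s), not detections")
    for sig, paths in shared.items():
        print(sig, "->", sorted(product_dir(p) for p in paths))
```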

@CaptainChaos

Thanks for that. Strange though that ClamWin is the only one which has picked up on those.

You also often download "free" programs, which often offer an additional sponsor or toolbar.
You can simply choose to not install those.
But some virus scanners can give a positive alarm on such installers,
because they basically do contain added malware in the form of toolbars or whatever.

Yeah, I never install any extra software when I'm installing programs; I always untick any extra stuff.

Still, the toolbar and the optimizer... yada yada yada... the crap is bundled with the installer.
E.g. Avira AntiVir you can set to alarm on "unwanted programs"; then you get the same programs flagged as malicious.